Terraform Cloud - about 10 minutes

Drift detection in CI/CD in Terraform - Step-by-Step Execution

Process Flow - Drift detection in CI/CD
1. Start the CI/CD pipeline
2. Run terraform plan
3. Compare the current infrastructure with the code
4. Is there drift?
   - No: continue deployment
   - Yes: alert or fail the pipeline, fix the drift manually or update the code, then re-run the pipeline
The pipeline runs terraform plan to compare real infrastructure with code. If differences (drift) exist, it alerts or stops deployment until fixed.
Execution Sample
Shell
terraform init
terraform plan -detailed-exitcode
rc=$?
if [ "$rc" -eq 2 ]; then
  echo "Drift detected!"
  exit 1
elif [ "$rc" -ne 0 ]; then
  # exit code 1 means plan itself failed (for example a missing credential), not drift
  echo "terraform plan failed with exit code $rc"
  exit 1
fi
This script initializes Terraform, runs plan with -detailed-exitcode, and exits with an error if drift is detected (exit code 2). The exit code is saved in a variable first so it is not lost, and a plan failure (exit code 1) also stops the pipeline instead of being mistaken for "no drift".
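As an added example (not code from the original page), here is the same drift gate written as reusable shell functions, so the decision logic can be checked without running Terraform. It assumes terraform is on PATH when the check is actually run, and uses the hypothetical environment switch RUN_DRIFT_CHECK=1 and the hypothetical TF_DIR variable so the file can be sourced for its functions alone.

```shell
#!/bin/sh
# Added example, not from the original page. Terraform documents three exit
# codes for `terraform plan -detailed-exitcode`:
#   0 = succeeded, no changes   1 = error   2 = succeeded, changes present
# The pipeline decision is kept in its own function so it can be tested
# without infrastructure access.

# Map a plan exit code to the pipeline action.
drift_action() {
  case "$1" in
    0) echo "continue" ;;      # infrastructure matches code
    2) echo "fail-drift" ;;    # real infrastructure differs from code
    *) echo "fail-error" ;;    # plan itself failed; never treat as "no drift"
  esac
}

# Run init + plan in a directory and return 0 (continue), 2 (drift) or 1 (error).
# $1 is the configuration directory (assumption: defaults to the current one).
run_drift_check() {
  dir="${1:-.}"
  terraform -chdir="$dir" init -input=false >/dev/null || return 1
  rc=0
  # `|| rc=$?` keeps a non-zero plan exit from aborting a `set -e` job
  terraform -chdir="$dir" plan -input=false -detailed-exitcode -out=tfplan >/dev/null || rc=$?
  case "$(drift_action "$rc")" in
    continue)   echo "No drift (exit $rc): continuing deployment"; return 0 ;;
    fail-drift) echo "Drift detected (exit $rc): failing pipeline"; return 2 ;;
    *)          echo "terraform plan failed (exit $rc): failing pipeline"; return 1 ;;
  esac
}

# Only invoke Terraform when explicitly asked (hypothetical switch), so the
# functions above can be sourced and tested offline.
if [ "${RUN_DRIFT_CHECK:-0}" = "1" ]; then
  run_drift_check "${TF_DIR:-.}"
fi
```

In a CI job you would run it as RUN_DRIFT_CHECK=1 TF_DIR=./infra sh drift_check.sh; the job fails on return code 2 (drift) or 1 (plan error) and continues only on 0, which matches the process flow above. Writing the plan to tfplan with -out means a later apply step can reuse exactly what was reviewed.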
Process Table
Step | Command | Exit Code | Drift Detected? | Action Taken | Output
1 | terraform init | 0 | No | Initialize terraform | Terraform has been successfully initialized!
2 | terraform plan -detailed-exitcode | 2 | Yes | Fail pipeline | Plan: 1 to add, 0 to change, 0 to destroy.
3 | Check exit code | 2 | Yes | Print alert and exit | Drift detected!
4 | Pipeline stops | - | - | - | Pipeline failed due to drift.
💡 Exit code 2 from terraform plan -detailed-exitcode means the plan found pending changes, i.e. drift, so the pipeline stops to prevent unintended changes.
Status Tracker
Variable | Start | After terraform init | After terraform plan | Final
exit_code | N/A | 0 | 2 | 2
drift_detected | false | false | true | true
pipeline_status | running | running | failed | failed
Key Moments - 2 Insights
Why does terraform plan return exit code 2 when drift is detected?
terraform plan with -detailed-exitcode returns 2 specifically to indicate that the plan found changes, meaning the real infrastructure differs from the code (drift). See execution_table row 2.
What happens if drift is not fixed before continuing the pipeline?
The pipeline fails and stops deployment to avoid applying unexpected changes. This is shown in execution_table rows 3 and 4.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what is the exit code after running terraform plan?
A. 0
B. 2
C. 1
D. 3
💡 Hint
Check the 'Exit Code' column in row 2 of the execution_table.
At which step does the pipeline detect drift and decide to fail?
A. Step 3
B. Step 2
C. Step 1
D. Step 4
💡 Hint
Look at the 'Action Taken' column where the alert is printed and pipeline exits.
If terraform plan returned exit code 0 instead of 2, what would happen?
A. Pipeline would alert but continue
B. Pipeline would fail due to drift
C. Pipeline would continue deployment
D. Pipeline would restart terraform init
💡 Hint
Refer to the 'Drift Detected?' column and 'Action Taken' for exit code 0 in execution_table.
Concept Snapshot
Drift detection in CI/CD with Terraform:
- Run 'terraform plan -detailed-exitcode' to detect drift
- Exit code 0: no drift, continue
- Exit code 2: drift detected, fail pipeline
- Fix drift manually or update code before redeploy
- Prevents unintended infrastructure changes
Full Transcript
In a CI/CD pipeline using Terraform, drift detection means checking whether the real infrastructure matches the code. The pipeline runs 'terraform plan' with the '-detailed-exitcode' flag. If the exit code is 2, drift exists: the pipeline alerts and stops deployment to avoid applying unexpected changes. If the exit code is 0, no drift is found and deployment continues. This process helps keep infrastructure consistent and safe.